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DETAILED ACTION 
Response to Arguments 

1 . Applicant argues that Edwards is not a valid prior art to be used in the 
rejection under § 103 (a). Examiner agrees that Edwards reference U.S. Patent No. 
6,490,626 B1 is precluded as prior art under 35 U.S.C. 103(c). However, examiner 
points out that Hewlett-Packard Company (Edwards et al.), European Patent 
Application No. 97309328 corresponds to Hewlett-Packard Company (Edwards et 
al.), European Patent Application Publication No. EP 0 926 605 A1 , published on 
06/30/1999, before the filing date of 10/14/1999 of the parent of the instant application. 
Thus, the Edwards European reference is prior art under 35 U.S.C. 102(a) and may 

be used as prior art under 35 U.S.C. 103(a) and is not subject to the exception under 35 
U.S.C. 103(c). Accordingly, the rejection based on the European Patent Application 
Publication No. EP 0 926 605 A1 is provided herein. 

2. Referring to the rejection of claim 1 under 35 USC §112, Applicant's arguments 
have been considered and found persuasive. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
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invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claim 1 - 29 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Edwards (EP 0 926 605 A1) in view of Shurts (U.S. Patent No. 5.572.673). 

5. Referring to the instant claims, Edwards discloses a browser system (see title and 
Fig. 2). The operation of the Web browser (210) is prevented from accessing or 
damaging other compartments of the CMW machine (200) as a result of mandatory 
access control (MAC), which is configured appropriately (see abstract). 

Edwards teaches that the MAC policy uses labels that reflect information sensitivity, 
and maintains those labels for every process and file system object to prevent users not 
cleared for certain levels of classified information from accessing it (see, lines 0020). 
Edwards also teaches that the sensitivity labels are associated with every process and 
file system object, and are used as the primary basis for all MAC policy decisions. A 
sensitivity label represents the sensitivity of a process or a file system object and also 
the data each contains. If an application and the file it attempts to access have 
compatible sensitivity labels, the application can read, write, or possibly execute the file, 
and each new process typically inherits the sensitivity label of its parent (see lines 
0020). Sensitivity labels are prioritized for MAC in a way that determines how 
processes or objects having one sensitivity label can interact with processes or objects 
having different sensitivity labels. The prioritization is defined internally of the operating 
system. The diagram in FIG. 3 represents the relationship between the parts of the 
system illustrated in FIG. 2. 
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6. Referring to the independent claims 1 and 12, the limitation "enforcing sensitivity 
labels such that the operating system restricts the transfer of data transfer between 
subjects and objects associated with inconsistent sensitivity labels" is met by teaching 
of Edwards that if the application (i.e. subject) and the file (i.e. object) it attempts to 
access have compatible sensitivity labels, application can read, write, or possibly 
execute the file (see lines 0020). The limitation "designating the sensitivity labels such 
that each sensitivity label either dominates, is dominated by, or incomparable..." is met 
by Fig. 3 depicting the sensitivity labels are prioritized in such a way that it determines 
how objects having one sensitivity label can interact with the objects having different 
type of sensitivity label. The limitation "...defining the arbitrary relationships between the 
subjects and objects of different sensitivity labels" is met by the sensitivity labels, which 
are prioritized in such a way that it determines how objects having one sensitivity label 
can interact with the objects having different sensitivity label (see Fig. 3). Edwards, 
however does not explicitly teach providing discrete access between arbitrary, 
incomparable sensitivity labels. Referring to the instant claims, Shurts discloses a 
secure multi-level system for executing stored procedures (see abstract). Shurts 
teaches that before any object is accessed in a MAC system, the subject's sensitivity 
label is compared with the object's sensitivity label to determine whether the subject is 
allowed to access the object in the manner requested (see column 1, lines 60-64). 
Shurts also teaches that trusted stored procedure's write sensitivity label is dominated 
by an object's access sensitivity label, the trusted stored procedure can write to that 
object during execution. A subject's sensitivity labels need not dominate the trusted 
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stored procedure's read and write labels in order for the trusted stored procedure to 
execute. In fact, a trusted stored procedure may access objects beyond the reach of the 
subject in normal operation (see column 3, lines 45-53). Therefore, at the time the 
invention was made it would have been obvious to modify the system of Edwards in 
such a way that the enforcement of sensitivity label dominance and the restriction of 
data transfer between subjects and objects associated with inconsistent sensitivity 
labels is combined to provide discrete access between objects beyond the reach of the 
subject in normal operation as taught in Shurts. One of ordinary skill in the art would 
have been motivated to combine the enforcement of sensitivity label dominance and the 
restriction of data transfer to provide discrete access between objects beyond the reach 
of the subject in normal operation as taught by Shurts for allowing the subject to use the 
trusted stored procedure or a trigger to access certain objects having higher sensitivity 
levels than his or her own (see Shurts, abstract). 

7. Referring to claim 2, Edwards teaches labeling with sensitivity labels all objects 
including network connections, file systems objects etc. (see lines 0020). 

8. Referring to claim 3, it is notoriously well known in the art to use a tag value and a 
label definition. For example tag values and label definitions are used in HTML coded 
web pages. One of ordinary skill in the art would have been motivated to use the tag 
values and the label definitions for comparing the labels. 

9. Referring to claims 3, 4 and 12, Edwards teaches defining the hierarchical 
classification of the operating system (see Fig. 3 and 4). 
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10. Referring to claim 8, Edwards shows defining arbitrary relationships between 
sensitivity labels for the subjects and objects and mapping the arbitrary relationships 
(see Fig. 3). 

1 1 . Referring to claim 14, Edwards teaches mapping according to MAC (see lines 
0031). 

12. Referring to claim 16, Edwards explicitly teaches mapping the controls with 
privileges such as read, write and execute (see lines 0031). 

13. With respect to the limitations of claims 17 and 22, the list of valid labels recited in 
the claims 17 and 22 is a standard list of Mandatory Access Control (MAC) protocol. 

14. Regarding claim 18, it is well known in the art to separate labels by token "== >" 
and "P==>". One of ordinary skill in the art would have been motivated to use these 
tokens with ASCII code characters for easy recognition of the label. 

1 5. Referring to claims 6 and 7, Edwards teaches interfacing with compartment 
mapping information on a real time basis. 

16. Referring to the independent claim 24, the limitation " defining a fixed set of 
classifications for each subject and object .. " is met by the sensitivity labels, which are 
prioritized in such a way that it determines how objects having one sensitivity label can 
interact with the objects having different sensitivity label (see Edwards, Fig. 3). 

The limitation " defining a set of compartments for each label.." is met by is met by 
Fig. 2 showing separate system components involved in data transfer based on 
classification levels assigned by means of labels. The limitation " partitioning 
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application process entities and network interface entities into unique compartments" is 
met by compartments that hold application processes entities" is met by teachings of 
Edwards stating that sensitivity labels are prioritized for MAC in a way that determines 
how processes or objects having one sensitivity label can interact with processes or 
objects having different sensitivity labels. The MAC separated compartments are met 
by the web browser and the application running on a user machine and a web server 
(see Figs. 2 and 4). 

17. Referring to claim 27, the limitation "... complete information separation between 
Virtual Vault components, network interfaces, each application content and every 
deployed application component..." is met by Fig. 2 showing separate system 
components involved in data transfer based on classification levels assigned by means 
of labels. 

18. Referring to claims 9 and 28, the limitation" providing Mandatory Access Control 

separation between the compartments that hold network interface entities and the 

*. 

compartments that hold application processes entities" is met by teachings of Edwards 
stating that sensitivity labels are prioritized for MAC in a way that determines how 
processes or objects having one sensitivity label can interact with processes or objects 
having different sensitivity labels. The MAC separated compartments are met by the 
web browser and the application running on a user machine and a web server (see 
Figs. 2 and 4). 
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Conclusion 



20. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

U.S Patent No. 5,903,732 

U.S Patent No. 5,845,068 

U.S. patent No. 6,292,900 B1 



from the examiner should be directed to Grigory Gurshman whose telephone number is 
(571 )272-3803. The examiner can normally be reached on 9 AM-5:30 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571)272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Any inquiry concerning this communication or earlier communications 




Grigory Gurshman 
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